DETAILED ACTION



Response to Amendment 



1. This communication is in response to the amendment received on August 4,
2006. Claims 1-24 are currently pending consideration.

Response to Arguments 

2. Applicant's arguments filed August 4, 2006 have been fully considered but they 
are not persuasive for the following reasons: 

Regarding the independent claim 1, the Applicant argues that the Cited Prior Art
(CPA), Trabelsi (US 2001/0056494), does not teach the reuse of a finite number of
"action indicators" in association with a plurality of "action group tags" or "action group
containers", wherein each action indicator combined with the group tag or container can
be assigned a unique permission. This argument is not persuasive. Based on the
broadest reasonable interpretation, each action group tag can be interpreted as the
roles as specified in paragraph 34. Each role (action group tag) can perform a number
of different actions based on permissions (paragraphs 34 and 43-44). The rights or
resource can be grouped as well by keywords, or characters (action indicators) wherein
wildcards can be used as well so that each character can be coupled with a wildcard to
effectively be reused amongst different permissions (paragraph 43). These action
indicators can be reused among the different generic groups as delineated in paragraph
43. The applicant argues that the action indicators are for certain actions such as "add",
"attach", "connect", "delete", etc., but, though the claims are given the broadest reasonable
interpretation in light of the specification, the specification is not read into the claims.
Furthermore, the Applicant argues the meaning of "action group container" and "action
group tags", but these are not defined in the claims in a way to differentiate over the
prior art. The action group container and action group tag are viewed as analogous to
a permission group. Furthermore, the relationship between the action group container,
action group tag, and access control policy permission list is not well-established through the
claim language. Therefore, it is asserted that the CPA does teach the reuse of a finite
number of "action indicators" in association with a plurality of "action group tags" or
"action group containers", wherein each action indicator combined with the group tag or
container can be assigned a unique permission.

Therefore, the rejection for the pending claims is respectfully maintained as given
below.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

3. Claims 1-24 are rejected under 35 U.S.C. 102(e) as being anticipated by Trabelsi
(U.S. Patent Publication No. US 2001/0056494 A1). 

Regarding claim 1, Trabelsi discloses: 

A method for extending and grouping actions and permissions for authorization 
of a requesting user to access or use a requested protected system resource in a 
computer system, said method comprising the steps of: 

providing an access control policy (paragraph 9) associated with said requested 
protected system resource, said access control policy containing a permission list of 
permitted identities (paragraphs 34, 37) for use of said protected system resource, and 
at least one action group tag and associated action indicators (paragraphs 37, 43-44);

reusing a finite quantity of action indicators among a plurality of action group tags 
to control a number of unique permissions less than or equal to the product of the 
quantity of allowable action indicators and a quantity of allowable action group tags 
(paragraphs 43-44), wherein a group of administrators (paragraphs 5, 34) and the 
permissions can be grouped into generic groups using special keywords using the 
alphabetic characters which provide rights; 

evaluating said permission list according to a specific permission definition 
associated with said action group tag, said permission definition providing a correlation 
between permissible actions and members of a set of action indicators (paragraphs
67-75), wherein the permissions are checked against an access control list which has rights
for the requestor, the authorized actions that can be performed on the resource, and the
requested right; and

granting authorization to perform actions on said requested protected system 
resource to said requesting user if said access control policy permission list includes an 
appropriate action indicator correlated to an action group tag (paragraphs 70-75), 
wherein access is granted to perform action on the resource if all the criteria are 
satisfied in relation to the group and the authorized action. 

Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 1 further comprising providing in an access 
control policy permission list a plurality of action group tags, each action group tag 
having one or more associated action indicators, such that resultant granting of 
authorization to act on said requested protected object is completed if the requested 
action is allowed by any of the associated action indicators of any of the action groups 
(paragraphs 70-75), wherein access is granted to perform action on the resource if all 
the criteria are satisfied in relation to the group and the authorized action. 

Claim 3 is rejected as applied above in rejecting claim 2. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 1, wherein said requested protected system
resource comprises a computer file sent to a local computer from a remote computer
over a computer network (paragraph 68), wherein the requested resource can be a
database file. 

Regarding claim 4, Trabelsi discloses: 

A method for managing permission indicators for computer system protected 
objects comprising the steps of: 

providing a plurality of permission indicator containers in an access control list 
(paragraphs 9, 34, 37); 

associating a first set of permission indicators with a primary permission indicator 
container (paragraphs 5, 34), wherein the group identifier specifies what privileges and 
rights the requestor possesses; and 

associating one or more additional sets of permission indicators with additional 
permission indicator containers (paragraphs 34, 43-44), wherein said permission 
indicators are reused among said containers such that permission indicators may be 
categorized and grouped logically to control a number of unique permissions less than 
or equal to the product of a quantity of allowable action indicators and a quantity of 
allowable action group tags (paragraphs 43-44), wherein a group of administrators 
(paragraphs 5, 34) and the permissions can be grouped into generic groups using 
special keywords using the alphabetic characters which provide rights. 

Claim 5 is rejected as applied above in rejecting claim 4. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 4 wherein said step of providing a first set of
permission indicators comprises providing at least one other (additional) permission 
indicator set having equivalent permission indicators to said first set such that 
permission indicators may be assigned unique permissive control according to a 
permission indicator container with which they are associated (paragraphs 34-39), 
wherein a group identifier may specify one or more roles with each role possessing its 
own permission indicators. 

Claim 6 is rejected as applied above in rejecting claim 5. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 5 wherein said step of providing an equivalent 
set of permission indicators comprises providing the characters "a" through "z" and "A" 
through "Z" as permission indicators (paragraphs 43-44), wherein keywords and 
alphabetic characters are used to provide certain permission indicators to access 
different resources. 

Claim 7 is rejected as applied above in rejecting claim 4. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 4 further comprising associating an action group 
tag with a permission indicator container (paragraphs 8, 34-38), wherein a group 
identifier can be associated with a number of different roles and different roles. 



Application/Control Number: 09/903,704 Page 8 

Art Unit: 2131 

Claim 8 is rejected as applied above in rejecting claim 7. Furthermore, Trabelsi 
discloses: 

The method as set forth in claim 7 further comprising the step of providing an 
action group tag with an associated list of permission indicators in an access control list 
entry (paragraphs 43-45, 67-70), wherein a group identifier is associated with different
permission indicators which are checked when a resource is requested. 

Regarding claim 9, Trabelsi discloses: 

A computer readable medium encoded with software for extending and grouping
actions and permissions for authorization of a requesting user to access or use a 
requested protected system resource in a computer system, said software performing 
steps comprising: 

providing an access control policy (paragraph 9) associated with said requested 
protected system resource containing a permission list of permitted identities 
(paragraphs 34, 37) and at least one action group tag with associated action indicators 
(paragraphs 37, 43-44);

reusing a finite quantity of action indicators among a plurality of action group tags 
to control a number of unique permissions less than or equal to the product of the 
quantity of allowable action indicators and a quantity of allowable action group tags 
(paragraphs 43-44), wherein a group of administrators (paragraphs 5, 34) and the 
permissions can be grouped into generic groups using special keywords using the 
alphabetic characters which provide rights; 

evaluating said permission list according to a specific permission definition
associated with said action group tag, said permission definition providing a correlation
between members of a set of action indicators (paragraphs 67-75), wherein the
permissions are checked against an access control list which has rights for the
requestor, the authorized actions that can be performed on the resource, and the
requested right; and

granting authorization to perform actions on said requested protected system 
resource to said requesting user if said access control policy permission list includes an 
appropriate action indicator correlated to an action group tag (paragraphs 70-75), 
wherein access is granted to perform action on the resource if all the criteria are 
satisfied in relation to the group and the authorized action. 

Claim 10 is rejected as applied above in rejecting claim 9. Furthermore, Trabelsi 
discloses: 

The computer readable medium as set forth in claim 9 further comprising 
software for providing in an access control policy permission list a plurality of action 
group tags, each action group tag having one or more associated action indicators, 
such that resultant granting of authorization to act on said requested protected object is 
completed if the requested action is allowed by any of the associated action indicators 
of any of the action groups (paragraphs 70-75), wherein access is granted to perform 
action on the resource if all the criteria are satisfied in relation to the group and the 
authorized action. 

Claim 11 is rejected as applied above in rejecting claim 9. Furthermore, Trabelsi
discloses: 

The computer readable medium as set forth in claim 9 wherein said requested 
protected system resource comprises a computer file sent to a local computer from a 
remote computer over a computer network (paragraph 68), wherein the requested 
resource can be a database file. 

Regarding claim 12, Trabelsi discloses: 

A computer readable medium encoded with software for managing permission 
indicators for computer system protected objects, said software performing the steps of: 

providing a plurality of permission indicator containers in an access control list 
(paragraphs 9, 34, 37); 

associating a first set of permission indicators with a primary permission indicator 
container (paragraphs 5, 34), wherein the group identifier specifies what privileges and 
rights the requestor possesses; and 

associating one or more additional sets of permission indicators with additional 
permission indicator containers (paragraphs 34, 43-44), wherein said permission
indicators are reused among said containers such that permission indicators may be 
categorized and grouped logically to control a number of unique permissions less than 
or equal to the product of a quantity of allowable action indicators and a quantity of 
allowable action group tags (paragraphs 43-44), wherein a group of administrators 
(paragraphs 5, 34) and the permissions can be grouped into generic groups using
special keywords using the alphabetic characters which provide rights. 

Claim 13 is rejected as applied above in rejecting claim 12. Furthermore, Trabelsi 
discloses: 

The computer readable medium as set forth in claim 12 wherein said software for 
providing a first set of permission indicators comprises software for providing permission 
indicators which are equivalent to at least one other (additional) permission indicators 
such that permission indicators may be assigned unique permissive control according to 
a permission indicator container with which they are associated (paragraphs 34-39), 
wherein a group identifier may specify one or more roles with each role possessing its 
own permission indicators. 

Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, Trabelsi 
discloses: 

The computer readable medium as set forth in claim 13 wherein said software for 
providing equivalent permission indicators comprises software for providing a set of 
permission indicators including the characters "a" through "z" and "A" through "Z" 
(paragraphs 43-44), wherein keywords and alphabetic characters are used to provide 
certain permission indicators to access different resources. 

Claim 15 is rejected as applied above in rejecting claim 12. Furthermore, Trabelsi
discloses: 

The computer readable medium as set forth in claim 12 further comprising 
software for associating an action group tag with a permission indicator container 
(paragraphs 8, 34-38), wherein a group identifier can be associated with a number of 
different roles and different roles. 

Claim 16 is rejected as applied above in rejecting claim 15. Furthermore, Trabelsi 
discloses: 

The computer readable medium as set forth in claim 15 further comprising 
software for providing an action group tag with an associated list of permission 
indicators in an access control list entry (paragraphs 43-45, 67-70), wherein a group
identifier is associated with different permission indicators which are checked when a 
resource is requested. 

Regarding claim 17, Trabelsi discloses: 

An authorization system for extending and grouping actions and permissions for 
authorization of a requesting user to access or use a requested protected system 
resource in a computer system, said system comprising: 

an access control policy (paragraph 9) associated with said requested protected 
system resource, having a permission list of permitted identities (paragraphs 34, 37) 
and at least one action group tag with associated action indicators wherein a finite
quantity of action indicators are reused among a plurality of action group tags to control
a number of unique permissions less than or equal to the product of the quantity of 
allowable action indicators and a quantity of allowable action group tags (paragraphs 
43-44), wherein a group of administrators (paragraphs 5, 34) and the permissions can 
be grouped into generic groups using special keywords using the alphabetic characters 
which provide rights; 

a permission list evaluator for evaluating an access control policy permission list 
according to a specific permission definition associated with said action group tag, said 
permission definition providing a correlation between members of a set of action 
indicators (paragraphs 67-75), wherein the permissions are checked against an access
control list which has rights for the requestor, the authorized actions that can be 
performed on the resource, and the requested right; and 

an authorization grantor adapted to grant authorization to perform actions on said 
requested protected system resource to said requesting user if said access control 
policy permission list includes an appropriate action indicator correlated to an action 
group tag (paragraphs 70-75), wherein access is granted to perform action on the 
resource if all the criteria are satisfied in relation to the group and the authorized action. 

Claim 18 is rejected as applied above in rejecting claim 17. Furthermore, Trabelsi 
discloses: 

The system as set forth in claim 17 further wherein said access control policy 
permission list comprises a plurality of action group tags, each action group tag having 
one or more associated action indicators, such that resultant granting of authorization to
act on said requested protected object is completed if the requested action is allowed by 
any of the associated action indicators of any of the action groups (paragraphs 70-75), 
wherein access is granted to perform action on the resource if all the criteria are 
satisfied in relation to the group and the authorized action. 

Claim 19 is rejected as applied above in rejecting claim 17. Furthermore, Trabelsi 
discloses: 

The system as set forth in Claim 17 wherein the requested protected system 
resource comprises a computer file sent to a local computer from a remote computer 
over a computer network (paragraph 68), wherein the requested resource can be a 
database file. 

Regarding claim 20, Trabelsi discloses: 

A system for managing permission indicators for computer system protected 
objects comprising: 

a plurality of permission indicator containers for an access control list 
(paragraphs 34, 37); 

a first set of permission indicators associated with a primary permission indicator 
container (paragraphs 37, 43-44); and

one or more additional sets of permission indicators (paragraphs 34-39), 
associated with additional permission indicator containers, wherein such permission 
indicators are reused among said containers such that permission indicators are
categorized and grouped logically to control a number of unique permissions less than 
or equal to the product of a quantity of allowable action indicators and a quantity of 
allowable action group tags (paragraphs 43-44), wherein a group of administrators 
(paragraphs 5, 34) and the permissions can be grouped into generic groups using 
special keywords using the alphabetic characters which provide rights. 

Claim 21 is rejected as applied above in rejecting claim 20. Furthermore, Trabelsi 
discloses: 

The system as set forth in claim 20 wherein said a first set of permission 
indicators and at least one other (additional) permission indicator set are equivalent 
permission indicators such that permission indicators are assigned unique permissive 
control according to the permission indicator container with which they are associated 
(paragraphs 34-39), wherein a group identifier may specify one or more roles with each 
role possessing its own permission indicators. 

Claim 22 is rejected as applied above in rejecting claim 21. Furthermore, Trabelsi 
discloses: 

The system as set forth in claim 21 wherein said equivalent set of permission 
indicators comprises the characters "a" through "z" and "A" through "Z" (paragraphs 43- 
44), wherein keywords and alphabetic characters are used to provide certain permission 
indicators to access different resources. 

Claim 23 is rejected as applied above in rejecting claim 20. Furthermore, Trabelsi
discloses: 

The system as set forth in claim 20 further comprising an action group tag 
associated with a permission indicator container (paragraphs 8, 34-38), wherein a group 
identifier can be associated with a number of different roles and different roles. 

Claim 24 is rejected as applied above in rejecting claim 23. Furthermore, Trabelsi 
discloses: 

The system as set forth in claim 23 further comprising an action group tag 
associated with a list of permission indicators in an access control list entry (paragraphs 
43-45, 67-70), wherein a group identifier is associated with different permission
indicators which are checked when a resource is requested. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is
571-272-3786. The examiner can normally be reached on Monday thru Friday 8-5.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



K.A. 

10/12/2006 




